45,000 Attacks, 5,300+ Backdoors Tied to China-Linked Cybercrime Operation

SOCRadar researchers have uncovered a massive Chinese cybercrime operation using the OpenClaw and Paperclip systems to automate global attacks...

PT-2026-2856

Name of the Vulnerable Software and Affected Versions Substance3D - Stager versions 3.1.6 and earlier Description A flaw exists in Substance3D - Stager that involves an out-of-bounds read when processing a specially crafted file. This could allow an attacker to read beyond the boundaries of...

CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)

A high-severity flaw impacting Microsoft SharePoint has been added to the Known Exploited Vulnerabilities KEV catalog by the U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-38094 CVSS score: 7.2,...

Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies' Data Leak

Microsoft this week confirmed that it inadvertently exposed information related to thousands of customers following a security lapse that left an endpoint publicly accessible over the internet sans any authentication. "This misconfiguration resulted in the potential for unauthenticated access to...

Investigation Regarding Misconfigured Microsoft Storage Location

October 28, 2022 update:Added a Customer FAQ section. Summary Security researchers at SOCRadar informed Microsoft on September 24, 2022, of a misconfigured Microsoft endpoint. This misconfiguration resulted in the potential for unauthenticated access to some business transaction data correspondin...

Exploit for Improper Authentication in Fortinet Fortiproxy

CVE-2022-40684 CVSS score: 9.6 POC for CVE-2022-40684 affect...